IN THE CLAIMS:

Please amend the claims as indicated in the complete listing of pending claims listed below.

1. (Currently Amended) A cryptographic method, including:
[[receiving at a first entity a second public key M_A;]]
generating, at a first entity, a first session key K_B based on [[the]] a second public key M_A;
[[generating a first random nonce]]
encrypting, at the first entity, [[the]] a first random nonce N_B using at least a first password P_B and a first public key M_B to obtain an encrypted random nonce, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at a second entity to derive the first session key;
transmitting the encrypted random nonce from the first entity;
receiving a response to the encrypted random nonce; and
authenticating through determining whether the response includes a correct modification of the first random nonce.

2. (Currently Amended) The method of claim 1 wherein said encrypting the first random nonce N_B includes:
generating a first secret [[secrete]] S_B from at least the first password P_B and the first public key M_B; and
encrypting the first random nonce N_B using at least the first secret [[secrete]] S_B;
wherein the first secret S_B and the first session key K_B are different.

3. (Previously Presented) The method of claim 2 wherein said authenticating includes:
checking whether a received modification of the first random nonce equals a modification of the first random nonce as applied to the first random nonce by the first entity.

4. (Previously Presented) The method of claim 2 wherein said authenticating includes:
checking whether a received modification of the first random nonce less a modification thereof as applied thereto by the first entity equals the first random nonce.



5. (Previously Presented) The method of claim 2 wherein generating the first session key K_B includes:
generating a first random number R_B, and
computing the first session key K_B from the second public key M_A raised to the exponential power of the first random number R_B, modulo a parameter 6b.

6. (Previously Presented) The method of claim 2 wherein the first secret S_B is generated using a combining function f_B on at least the first password P_B and the first public key M_B.

7. (Previously Presented) The method of claim 6 wherein the first secret S_B is generated using the combining function f_B on the first password P_B and the second public key M_A and the first public key M_B.

8. (Currently Amended) The method of claim 2 wherein said generating the first secret [[secrete]] S_B includes:
combining the second public key M_A and the first public key M_B with the first password P_B to produce a first result, and
hashing the first result with a secure hash.

9. (Original) The method of claim 8 wherein the secure hash is a one-way hash function.

10. (Original) The method of claim 9 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.

11. (Currently Amended) The method of claim 2 wherein said generating the first secret [[secrete]] S_B includes:
combining the first password P_B and at least one of the second public key M_A and the first public key M_B to generate a first combined result, and
combining the first combined result and at least one of the second public key M_A, the first password P_B, and the first public key M_B to generate a second combined result.

12. (Previously Presented) The method of claim 2 wherein the first random nonce N_B is encrypted using a symmetrical encryption algorithm.

13. (Original) The method of claim 12, wherein the symmetrical encryption algorithm is one of the Data Encryption Standard and the block cipher CAST.

14. (Previously Presented) The method of claim 2 wherein encrypting the first random nonce N_B includes superencrypting the first random nonce N_B.

15. (Previously Presented) The method of claim 14, wherein superencrypting the first random nonce N_B includes:
encrypting the first random nonce N_B with the first secret S_B to produce the first encrypted result; and
encrypting the first encrypted result using the first session key K_B.

16. (Currently Amended) The method of claim 2 wherein said transmitting the encrypted random nonce from the first entity includes:
transmitting [[to a]] to the second entity the first public key M_B to establish the session key at the second entity; and
wherein said authenticating includes:
decrypting the response using the first session key K_B to generate a first decrypted result; and
decrypting the first decrypted result using the first secret S_B.

17. (Previously Presented) The method of claim 2, wherein the response includes a combination of a second random nonce N_A and a modification of the first random nonce; and wherein the method further includes:
extracting the second random nonce N_A from the response;
modifying the second random nonce N_A to obtain a modified second random nonce;
encrypting the modified second random nonce using the first session key K_B and the first secret S_B to obtain an encrypted package; and
transmitting the encrypted package from the first entity.

18. (Previously Presented) The method of claim 17 wherein said encrypting the modified second random nonce includes:
generating a string of random bits I_B;
encrypting a combination of the string of random bits I_B and the modified second random nonce using the first secret S_B to generate a first result; and
encrypting the first result using the first session key K_B.

19. (Previously Presented) The method of claim 17 wherein the encrypted package is transmitted for authentication of the first entity in opening a two-way communication channel.

20. (Currently Amended) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:
[[receiving at the first computer system a second public key M_A;]]
generating, at the first computer system, a first session key K_B based on [[the]] a second public key M_A;
[[generating a first random nonce N_B;]]
encrypting, at the first computer system, [[the]] a first random nonce N_B using at least a first password P_B and a first public key M_B to obtain an encrypted random nonce, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at a second computer system to derive the first session key;
transmitting the encrypted random nonce from the first computer system;
authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce.

21. (Currently Amended) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a computer cryptographic method through a network, the method comprising:
receiving at the first computer system a second public key M_A;
generating at the first computer system a first session key K_B based on the second public key M_A;
generating at the first computer system a first random nonce N_B;
encrypting at the first computer system the first random nonce N_B using at least a first password P_B and a first public key M_B to obtain an encrypted random nonce, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at the second computer system to derive the first session key;
transmitting the encrypted random nonce and the first public key M_B from the first computer system to the second computer system to establish the session key at the second computer system;
receiving at the first computer system from the second computer system a response to the encrypted random nonce; and
authenticating the second computer system at the first computer system through determining whether the response includes a correct modification of the first random nonce.

22. (Currently Amended) A computer system for performing a cryptographic method through a network, the computer system comprising:
a processor;
a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and
a storage device coupled to the processor, the storage device to store a user password corresponding to the user identification, and wherein the processor is to perform a method, including:
receiving a second public key M_A through the network interface;
generating a first session key K_B based on the second public key M_A;
generating a first random nonce N_B;
encrypting the first random nonce N_B using at least the user password and a first public key M_B to obtain an encrypted random nonce, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at a further computer system coupled to the network to derive the first session key;
transmitting the encrypted random nonce and the first public key M_B through the network interface;
authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce.

23. (Previously Presented) The computer system of claim 22 wherein the network is a network operating according to a hypertext transfer protocol; and the first public key M_B is transmitted with the encrypted random nonce for session key exchange.



24. (Previously Presented) A cryptographic method, comprising:
receiving at a first entity a second public key M_A and an encrypted second random number;
generating a first session key K_B based on the second public key M_A;
decrypting, using at least a first password P_B and the second public key M_A, to retrieve a second random number N_A from the encrypted second random number;
modifying the second random number N_A to obtain a modified second random number;
encrypting the modified second random number using at least the first password P_B and a first public key M_B to obtain an encrypted random package; and
transmitting the encrypted random package from the first entity.

25. (Previously Presented) The method of claim 24, wherein said decrypting includes:
decrypting the encrypted second random number using the first session key K_B to generate a first decrypted result; and
decrypting the first decrypted result using at least the first password P_B and the second public key M_A.

26. (Previously Presented) The method of claim 24 wherein said generating the first session key K_B includes:
generating a first random number R_B, and
computing the first session key K_B from the second public key M_A raised to the exponential power of the first random number R_B, modulo a parameter 6b.

27. (Previously Presented) The method of claim 24 wherein said decrypting includes:
generating a first secret S_B using a combining function f_B on at least the first password P_B and the second public key M_A.

28. (Previously Presented) The method of claim 27 wherein the first secret S_B is generated using the combining f_B on the first password P_B and on the second public key M_A and the first public key M_B.

29. (Previously Presented) The method of claim 28 wherein said generating the first secret S_B includes:
combining the second public key M_A and the first public key M_B with the first password P_B to produce a first result, and
hashing the first result with a secure hash.

30. (Original) The method of claim 29 wherein the secure hash is a one-way hash function.

31. (Original) The method of claim 30 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.

32. (Previously Presented) The method of claim 27 wherein said generating the first secret S_B includes:
combining the first password P_B and at least one of the second public key M_A and the first public key M_B to generate a first combined result, and
combining the first combined result and at least one of the second public key M_A, the first password P_B, and the first public key M_B to generate a second combined result.

33. (Previously Presented) The method of claim 24, wherein said encrypting the modified second random number includes superencrypting the modified second random number.

34. (Previously Presented) The method of claim 24, further including:
generating a first random number N_B; and
wherein said encrypting the modified second random number includes:
encrypting a combination of the first random number N_B and the modified second random number.

35. (Previously Presented) The method of claim 34 which further includes:
receiving at the first entity a response to the encrypted random package;
decrypting the response to obtain a combination of a string of random bits and a modified first random nonce; and
retrieving the modified first random nonce from the combination of the string of random bits and the modified first random nonce;
determining whether the modified first random nonce was correctly modified from the first random number N_B.

36. (Previously Presented) The method of claim 35 wherein said determining whether the modified first random nonce was correctly modified includes:
checking whether the modified first random nonce equals a modification of the first random nonce as applied to the first random nonce by the first entity.

37. (Previously Presented) The method of claim 35 wherein said determining whether the modified first random nonce was correctly modified includes:
checking whether the modified first random nonce less a modification thereof as applied thereto by the first entity equals the first random nonce.

38. (Previously Presented) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:
receiving at the first computer system a second public key M_A and an encrypted second random number;
generating a first session key K_B based on the second public key M_A;
decrypting, using at least a first password P_B and the second public key M_A, to retrieve the second random number N_A from the encrypted second random number;
modifying the second random number N_A to obtain a modified second random number;
encrypting the modified second random number using at least the first password P_B and a first public key M_B to obtain an encrypted random package;
transmitting the encrypted random package from the first computer system for authentication.

39. (Previously Presented) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a cryptographic method through a network, the method including:
receiving, from the second computer system and at the first computer system, a second public key M_A and an encrypted second random number;
generating a first session key K_B based on the second public key M_A;
decrypting, using at least a first password P_B and the second public key M_A, to retrieve a second random number N_A from the encrypted second random number;
modifying the second random number N_A to obtain a modified second random number;
encrypting the modified second random number using at least the first password P_B and a first public key M_B to obtain an encrypted random package;
transmitting the encrypted random package from the first computer system to the second computer system.

40. (Previously Presented) A computer system for performing a cryptographic method through a network, the computer system comprising:
a processor;
a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and
a storage device coupled to the processor, the storage device to store a user password associated with the user identification, and wherein the processor is to perform a method, including
receiving a second public key M_A and an encrypted second random number through the network interface;
generating a first session key K_B based on the second public key M_A;
decrypting, using at least a first password P_B and the second public key M_A, to retrieve the second random number N_A from the encrypted second random number;
modifying the second random number N_A to obtain a modified second random number;
encrypting the modified second random number using at least the first password P_B and a first public key M_B, to obtain an encrypted random package;
transmitting the encrypted random package through the network interface.

41. (Previously Presented) The computer system of claim 40 wherein the network is a network operating according to a hypertext transfer protocol; and the first public key M_B is transmitted for session key exchange before the encrypted second random number is received.
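
The exchange recited in claims 1 to 19, run end to end with both entities in one process, as an added example that is not part of the claims listing or the applicant's code. The modulus, generator, SHA-256, the SHAKE-256 XOR stand-in for the symmetric cipher, the add-one nonce modification and every function name are assumptions, since the claims leave these choices open.

```python
import hashlib, hmac, secrets

# Assumed demo parameters; the claims leave group, hash and cipher open.
P, G, NLEN = 2**127 - 1, 3, 16      # toy prime modulus, far too small for real use

def enc_int(n):
    return n.to_bytes(16, "big")

def keypair():
    r = secrets.randbelow(P - 3) + 2            # private random number R
    return r, pow(G, r, P)                      # session-specific public key M

def session_key(peer_pub, r):                   # K from M_peer ** R mod P (claim 5)
    return hashlib.sha256(enc_int(pow(peer_pub, r, P))).digest()

def secret(password, m_a, m_b):                 # S: combine, then hash (claim 8)
    pw = password.encode()
    combined = len(pw).to_bytes(2, "big") + pw + enc_int(m_a) + enc_int(m_b)
    return hashlib.sha256(combined).digest()

def xor_stream(key, label, data):               # stand-in cipher, self-inverse
    ks = hashlib.shake_256(key + label).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def superencrypt(s, k, label, data):            # inner layer S, outer layer K (claim 15)
    return xor_stream(k, label, xor_stream(s, label, data))

def superdecrypt(s, k, label, data):            # strip K first, then S (claim 16)
    return xor_stream(s, label, xor_stream(k, label, data))

def modify(nonce):                              # assumed modification: add one
    return ((int.from_bytes(nonce, "big") + 1) % 2**(8 * NLEN)).to_bytes(NLEN, "big")

def run_exchange(password_b, password_a):
    """Return (B accepts A, A accepts B) for one constructed session."""
    r_a, m_a = keypair()                        # second entity A
    r_b, m_b = keypair()                        # first entity B
    k_b, s_b = session_key(m_a, r_b), secret(password_b, m_a, m_b)
    k_a, s_a = session_key(m_b, r_a), secret(password_a, m_a, m_b)
    n_b = secrets.token_bytes(NLEN)
    msg1 = superencrypt(s_b, k_b, b"1", n_b)                        # B -> A
    n_b_seen = superdecrypt(s_a, k_a, b"1", msg1)
    n_a = secrets.token_bytes(NLEN)
    msg2 = superencrypt(s_a, k_a, b"2", n_a + modify(n_b_seen))     # A -> B
    plain2 = superdecrypt(s_b, k_b, b"2", msg2)
    n_a_seen, n_b_mod = plain2[:NLEN], plain2[NLEN:]
    if not hmac.compare_digest(n_b_mod, modify(n_b)):               # claim 3 check
        return False, False                     # B aborts: A used another password
    i_b = secrets.token_bytes(NLEN)             # string of random bits I_B (claim 18)
    msg3 = superencrypt(s_b, k_b, b"3", i_b + modify(n_a_seen))     # B -> A
    plain3 = superdecrypt(s_a, k_a, b"3", msg3)
    return True, hmac.compare_digest(plain3[NLEN:], modify(n_a))

if __name__ == "__main__":
    print(run_exchange("shared password", "shared password"))
```

Because the secret S depends on both session-specific public keys as well as the password, a captured message from one session does not decrypt under the secret of another session.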